I seriously doubt it being an inside job though I won't rule it out entirely given this sort of inside jobs happens quite often with nationalized banks like sbi. How did you figure out it was from hdfc?
Be-aware: Sim-Swap/Phishing Money Theft from Bank accounts!
Most senior citizens keep money in liquid assets mainly if they need it in emergency cases.
On Airtel, both incoming SMS is blocked for 24 hours. This thing was put in place specifically so that OTP's cannot be received.
adventureguy
Herald
I still don't get how he managed to siphon out the amount using only sim card. even if they got their sim card cloned, how did hackers figure out internet banking username, password and if its for signing up for UPI, how did they get the bank account number?
If its for placing online orders, how did they get his card details?
so many unanswered questions
If its for placing online orders, how did they get his card details?
so many unanswered questions
I need some education here
What does "request to duplicate" mean? Whenever I have lost my phone, I had to get a new SIM (with a new SIM number) issued. The older sim (and hence the older SIM number) becomes (I am assuming) unusable.
So if they duplicated the old sim and also deactivated it, how were they able to use it
If you lose your sim or the sim gets damaged and no longer working, you can request for a replacement sim without losing the same number. Earlier, operators didn't do much checks on the requester, but more recently, they started asking for details like identity. address documents etc. Also to be noted is that there used to be lot of cases where the operators staff had acted in collusion for the frauds, so at least with Airtel, they have made the process more cumbersome so that final authorization/activation is not done by person taking the request. This process is also being used to upgrade 2G/3G SIM's to 4G. In Airtel, the the sim duplication request is initiated from from the users phone itself using the SIM number.
In this particular case, if SIM number has been used for SIM duplication, then it was procured in some manner. Given the nature of the fraud and size of transactions on 14 different accounts and account closure, I think it was done by somebody he is close to. Maybe family, relatives or friends etc.
This is not an uncommon scenario. A while ago, one of my colleagues has had transactions done on his credit card and he discovered that they went towards flipkart purchases. He never got any SMS for OTP for the transactions, but his phone was working. Flipkart would not divulge details on the transactions. He registered a compliant with cyber crime wing in Hyderabad. They obtained information from Flipkart and traced the IP that did the transactions to his own home. He is a bachelor and lived with a room mate. After some intimidation, the room mate confessed. Apparently, he used my colleagues credit card while he was sleeping. He did get OTP on his mobile which this guy used and then deleted.
nRiTeCh
Northstar
Exactly. Using sim clone one can only make calls etc. But how can one obtain someone's un pw card details etc. Unless the op really made some transactions on his own & here the otp was received on the cloned sim still in the sms nowhere there are any sensitive details revealed in the sms except for transactions.
This is only possible when you already have such details handy or the whole phone is cloned.
Nor any idiot is going to call the bank merely on phones basis. He dont even have his last 4 digits of card, mom dad's maiden name, his registered address etc. If yes then its sureshot some insider.
Another option is to put phone in airplane mode while sleeping so the cloning idiot wont be able to check for anything.
Or set transaction limit to 1k during weekends for primary or bulk accounts.
Best option is to have 2-3sims for various bank accounts and not having all bank accounts registered to only one sim this is actually a foolish move.
I have my accounts scattered across 3 sims. Its a headache though it helps saves from such incidents. At least you won't get bankrupt just by single sim clone.
Yesterday news channels stated these things happen only on Friday Saturday so the op isnt able to make it to banks or telecom galleries due to holidays.
Last edited:
Even I like to keep 5 lac reserve funds in my savings account. Its not uncommon for people to be cautious like that. In any case, if the fraudster gets access to the access to the account, it won't matter whether the money is in FD's. They can simply liquidate the FD's if they were made online.
I find this line very suspicious:
"As per the police, his telecom operator received the request to duplicate SIM at 11.30 PM, and it takes around 4 hours to duplicate the SIM, and deactivate the old SIM."
If you duplicate the SIM and then deactivate (the older SIM), wouldn't both of them stop working?
The cynic inside me believes that 1.7 cr went to various Swiss bank accts and 16 lacks went to the police and the media to create a cover story.
HDFC is one f**ked up bank. One my friends inherited some money. Because of family disputes, the acct had to be locked for some time. While she was making rounds of police stations and courts, the folks at HDFC were having a good time with her money. Now the acct is locked because the police is investigating the fraud.
She gets calls from Puri once every month. But no progress in the past six month.
Minor correction.... 1.7 cr went to various swiss bank accounts of the victim or victim's known ones
sandeepsachin
Forerunner
This is really scary. I like to keep reserve funds too in savings for emergencies. Above a particular threshold (25k) , the money which gets converted to a deposit . Just like sweep in, sweep out. The money can still be withdrawn from ATMs or cheques.
But in case of banks like SBI, if you have a FD, it cannot be closed online. You'll still have to visit a branch. So even if your account gets emptied, your FD money will atleast be safe.
Now am wondering if it's a safer option to put it in such a FD now in SBI or other nationalised bank
But in case of banks like SBI, if you have a FD, it cannot be closed online. You'll still have to visit a branch. So even if your account gets emptied, your FD money will atleast be safe.
Now am wondering if it's a safer option to put it in such a FD now in SBI or other nationalised bank
N
NotMyRealName
The caller ID said hdfc bank, the sms was a debit otp for his hdfc debit card. But the kicker is all the people saying don't use debit card online, use only credit. He never used this card online, just atm withdrawals, he may have done 1-2 pos transactions (I'm just assuming), but he insists he's never used it even for that. Very low tech guy...
N
NotMyRealName
If you're talking about a debit sweep into an MOD, just this 31st December they started an mod. I needed the funds in my savings to show proof of funds for a visa. So i was looking at closing the MOD and after a lot of searching found a partial closure of FD option in NetBanking. Nothing in the mobile app.
But that's besides the point, they can make an online transaction of the full amount (savings a/c+MOD).
*MOD=Multi Option Deposit
Deactivation of old SIM is done explicitly by the operator after the new SIM is ready for use. FYI, I went through this process with Airtel. Once the new SIM is ready to use, old SIM would be deactivated. That's your cue to install the new SIM. I don't know what you mean by "wouldn't both of them stop working". Why would both stop working?
Based on the info that the new SIM was activated in mere hours, its likely not an Airtel sim. With Airtel, you won't be able to get any SMS for 24 hours after SIM duplication.
As for the last part, why would anybody go to such troubles for a measly 1.8 crore. Swiss bank accounts etc are the domain of people for whom even 10-20 crore is like small change and their dealings are 100's or 1000's of crores. Any thing below 5 crore is the domain of the (upper) middle class folk.
By caller ID, if you mean some app like Trucaller, then its pretty easy to fake it. True caller picks up the names from peoples contacts If a few people add the number to their contract list and set the label as HDFC Bank, then it would report as HDFC bank. This exactly sort of thing has been used for scams there days with google too. This is why advisories are being given not to trust numbers procured through google/google maps since anybody can set/change them.
As for getting hold of debit cards, there have been numerous cases of card duplication devices being setup in unguarded ATM's. The device goes on top of he card slot. You put the put in such an ATM and the card information would be copied which can then be retrieved to make a duplicate card. This is why all mag stripe cards have been banned from 1st Jan and all debit cards have to be EMV cards.
sandeepsachin
Forerunner
That's why I was asking if it would be better to shift the funds to a traditional FD which can't be closed online
FD's can be liquidated online even with SBI. I have done the same numerous times. It is only the old FD"s that were opened in person at the bank that cannot be liquidated online. If the FD is linked to your net banking account, then they can be liquidated.
Also, I would not trust SBI at all with my money. This bank has the most amount of frauds happening and is very unfriendly to deal with when you run into a fraud.
Also, I would not trust SBI at all with my money. This bank has the most amount of frauds happening and is very unfriendly to deal with when you run into a fraud.
What you went through was replacing an existing sim with a new SIM. In your case, there was no information stealing/cloning involved. The operator associated your existing number with the new SIM.
What these folks seem to be talking about is stealing the current SIM data and creating a new SIM with the same info. In this case (as I understood), there should be no involvement of the operator. The network wouldn't be able to distinguish between the two SIMs.
But the information provided is so sketchy and inconsistent, it is hard to say what exactly happened.
Last edited:
Request was to operator
For stolen SIM, SIM number would not be available and request is processed only based on mobile number. In this case, SIM number was used which means the work flow is same as replacing existing SIM.
Just to add, there are a lot of precautionary measures on Airtel at least
1. Once a request is made, an SMS is sent on the number that you made a SIM replacement request and you are offered to send an SMS back to cancel the request if you have not made it.
2. The request is not processed in mere hours.
3. Once the new SIM is ready for use, old would be deactivated. Once the new SIM is put in a phone and activated, for 24 hours from that time, you will not be getting any SMS.
For stolen SIM, SIM number would not be available and request is processed only based on mobile number. In this case, SIM number was used which means the work flow is same as replacing existing SIM.
Just to add, there are a lot of precautionary measures on Airtel at least
1. Once a request is made, an SMS is sent on the number that you made a SIM replacement request and you are offered to send an SMS back to cancel the request if you have not made it.
2. The request is not processed in mere hours.
3. Once the new SIM is ready for use, old would be deactivated. Once the new SIM is put in a phone and activated, for 24 hours from that time, you will not be getting any SMS.
Last edited:
If it is the same sim number, what changes were needed from the operator side?
Again, I don't know the tech involved enough. But whenever the operators give me a new SIM, they only write down a long number (from back of the sim card) on the form. I am assuming the number is enough to reprogram their database.
If the new SIM had the same number, what exactly did the operator do?
Again, I don't know the tech involved enough. But whenever the operators give me a new SIM, they only write down a long number (from back of the sim card) on the form. I am assuming the number is enough to reprogram their database.
If the new SIM had the same number, what exactly did the operator do?
Last edited: